Xerox WorkCentre Web Server Unspecified Command Injection (XRX09-001)

Nessus Plugin ID 35566 (critical)

Synopsis

The remote multi-function device is affected by a command injection vulnerability.

Description

According to its model number and software version, the remote host is a Xerox WorkCentre device that reportedly has an as-yet unspecified command injection vulnerability in its web server. A remote attacker may be able to leverage this issue to execute arbitrary code via carefully crafted inputs on an affected web page.

Solution

Apply the P37 patch as described in the Xerox security bulletin listed under See Also.

See Also

https://www.xerox.com/downloads/usa/en/c/cert_XRX09_001.pdf

Plugin Details

Severity: Critical

ID: 35566

File Name: xerox_xrx09_001.nasl

Version: 1.13

Type: remote

Family: Misc.

Published: 2/1/2009

Updated: 11/15/2018

Supported Sensors: Nessus

Risk Information

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 8.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/h:xerox:workcentre

Required KB Items: www/xerox_workcentre

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 1/30/2009

Vulnerability Publication Date: 1/30/2009

Reference Information

BID: 33531